A deficit of a consensus on what needs to be done to make information systems safer has long been an important issue for the information security professionals. Fortunately, the answer to this problem has come in a shape of SANS 20 Critical Security Controls - practical consensus guidelines for effective cyber defence. These Top 20 Controls were agreed upon by a consortium that includes NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center, top commercial forensics experts and pen testers.

NRD EA offers audit that specifically measures the organisation's compliance with the requirements of SANS 20 Critical Security Controls and assists companies in preparing a plan for automation of these controls in order to radically lower the cost of their security while improving its effectiveness.